{"id":228404,"date":"2026-01-06T05:13:51","date_gmt":"2026-01-06T11:13:51","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware"},"modified":"2026-01-06T05:13:51","modified_gmt":"2026-01-06T11:13:51","slug":"clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware","title":{"rendered":"ClickFix attack uses fake Windows BSOD screens to push malware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/clickfix-attack-uses-fake-windows-bsod-screens-to-push-malware.jpg\"><\/a><\/p>\n<p>A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems.<\/p>\n<p>A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to halt.<\/p>\n<p>In a new campaign first spotted in December and tracked by researchers at Securonix as \u201cPHALT#BLYX,\u201d phishing emails impersonating <a href=\"http:\/\/Booking.com\">Booking.com<\/a> led to a ClickFix social engineering attack that deployed malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. A BSOD is a Windows crash screen displayed when the operating system encounters a fatal, unrecoverable error that causes it to [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-228404","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=228404"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228404\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=228404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=228404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=228404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}